
Web Application Security Testing

With businesses increasingly relying on web applications as their business interfaces, cyber attacks have multiplied, and web application security testing has gained prominence. Our Web Application Security Testing course takes testers hands-on from the fundamentals of web security testing to advanced offensive web security testing techniques.

822 Ratings, 5/5

300+ Students Empowered

4.5/5, Best Selling Program

Format: Instructor-Led Online Program

Start Date: Instructor-Led program on Feb 26-27, 2022

  • Live sessions
  • Case studies
  • Assignments
  • Certification

About the Course


In this 2-day practical Web Application Security Testing course, you will learn:

  • Foundations of Web
  • Foundations of Security
  • Under the Hood – Understanding HTTP
  • Foundations of Web Security
  • Survey the Territory
  • Top Vulnerabilities
  • Hands-On and Brainstorming Exercises
  • HTML
  • Using Browser Plugins
  • Encoding and Decoding
  • Parameter Tampering
  • Breaking Authentication
  • Breaking Access Flaws
  • Breaking Session Management
  • SQL Injection
  • Cross-Site Scripting (XSS)

Course Outline

  • The Changing Face of the Web
  • How It Was
  • How It is Now
  • Why Web technologies became so popular
  • A high level view of Browsers, HTML, JavaScript, XML etc.
  • Where are the security issues in software
  • Basics of Encoding and Encryption
  • Security Attributes with Examples – Authentication, Authorization, Confidentiality, Integrity, Non-Repudiation/Accountability, Availability
  • Understanding basic web user operations w.r.t. security attributes
  • What is the goal of security attacks
  • Why the attacks on the Web have become popular
  • All Input is Malicious
  • Change of Context – Data to Code
  • Introduction to HTTP
  • Introduction to Web Proxies
  • How does a Web Proxy Work
  • How to use a Web Proxy using Browser Options and Plugins
  • HTTP Request Format
  • HTTP Response Format
  • HTTP Methods
  • HTTP Status Codes
  • HTTP Headers
  • The key differences between a GET and POST
  • Converting a GET into POST and vice versa
  • HTTP is stateless
  • Session Management
  • Session Tokens versus Session
  • Cookies
  • Hidden Variables
  • Client-side restrictions – HTML / JavaScript
  • Cookies from Security Perspective
  • Encoding versus Encryption
  • Session Management from Security Perspective
  • Authentication and Authorization from Security Perspective
  • HTML Parameters from Security Perspective
  • The Misplaced Trust on Client
  • Understanding Web Architecture
  • Mapping an application from security perspective
  • Using Browser
  • Using Browser and Plugins
  • What are the different areas of interest
  • Vulnerability Lists (Focus on OWASP)
  • Injection (Focus on SQL Injection)
  • Cross-Site Scripting
  • Authentication Flaws
  • Session Management Flaws
  • Authorization Flaws
  • Cross-Site Request Forgery
  • Insecure Configuration
  • Insecure Storage
  • Insecure Transmission
  • Redirection Flaws
  • The exercises are conducted using local vulnerable apps which have been designed and developed for the purpose.
  • No public website is used for the exercises, as that would break the Ethics code.
  • Creating Basic HTML Links
  • Creating Basic HTML Forms
  • Burp Suite
  • Understanding how the request is handled at various stages: browser, TCP, web server, web framework middle layer, web server (and then DB server, web service etc. if applicable)
  • Converting a GET into a POST request and vice versa
  • Proxy Bar, Proxy Button
  • FireBug / Web Developer
  • Tamper Data
  • HackBar
  • Groundspeed
  • Encoding and Decoding
  • URL Encoding
  • Base64 Encoding
  • Hidden Variables
  • URLs
  • Form Data
  • Brainstorming on various authentication flaws
  • Forgot Password Exercises
  • Naming conventions from security perspective
  • Thinking from the development angle
  • Finding hidden directories and parameters
  • Manipulating Direct Object References
  • Cookie Manipulation
  • Understanding SQL using MySQL Database
  • Imagining SQL based on the web application context
  • String and Numeric SQL Injection
  • Understanding when to use which form
  • Understanding attack delivery for bug advocacy
  • Retrieving cookies using JavaScript
  • Reflected XSS
  • Stored XSS
  • Understanding the delivery mechanism of XSS (Demonstration)
  • Relation to Social Engineering

Testimonials 


Coming Soon


Rahul Verma

Chief Technology Officer, Verity Software

About the Instructor


CTO of Verity Software and Founder of Test Mile; advisor and researcher for SALT (School of Applied Learning in Testing); president of ITB’s Bangalore chapter.

Awarded ‘Thought Leader’ for his contributions to the Indian testing community, he has presented and published a number of papers at several conferences, including GTAC, CONQUEST, TEST2008, Yahoo! India, McAfee and IIT Madras.

He consults, coaches, mentors, and conducts workshops and interviews in the areas of software testing, test automation frameworks, agile testing, web security, Python and web performance testing.

He is known for his practical and unified view of software testing.

Tools Covered


FAQs


This is a 2 full-day course, which starts at 09:30 AM and ends at 05:30 PM on both days.

No. We do not provide any tools with this course.

The maximum batch size is 20 participants.

Yes, post-training support will be provided; you can contact the trainers with any queries you may have.

No, coding is not a prerequisite.

We strongly recommend that participants attend the batch they have specifically registered for. Exceptions can be made in case of emergencies, but the difference in fee (if any) will have to be borne by the participant.

No, we do not provide refunds upon cancellation.

Yes, we can arrange an in-house batch for your company, provided there is a minimum of 10 participants per batch.


Drop Us a message to know about our upcoming batch


For further queries, contact:

Anil: +91 98230 64054, anil@theveritycorp.com

Pinky: +91 72598 68993, pinky@veritysoftware.in
